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NEW ABSTRACT 

In accordance with the invention, a postal security device (PSD) (10) contains a 
non-volatile memory (13) which does not depend on battery power such as an 
EEPROM (13), and contains a nonvolatile memory (14,16) which does depend on 
battery power, such as a static RAM. The PSD (10) also contains an encryption 
engine (12,14,22). An encryption key is developed and is stored in the static RAM 
(14), which is sized to be only large enough to contain the encryption key. A large 
body of data, too large to fit in the static RAM, is encrypted by means of the 
encryption engine (12,14,22) and with reference to the encryption key, and is 
stored in the EEPROM (13). This body of data typically includes cryptographic 
keys and sensitive bit-images. When the PSD is powered, a large RAM (typically 
a dynamic RAM) (16) is available to receive the large body of data, decrypted 
using the encryption key. A tamper switch (17) cuts power to both RAMs 
(14,16)in the event of tampering. 
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I. Basis of the opinion 



1 . This opinion has been drawn on the basis of (Substitute sheets which have been famished to the meitfifig Office in response to an 
imfitaUon under y^rirck 14 an r^erred to in this opinion as "orignalhf jikd\)\ 



I x| the international application as originally filed. 

I x| the description, pages ^ as originally filed. 



pages NONE ^ filed with the demand. 



pages 



NONE 



filed with the letter of 



the claims. 



Nos. 
Nos. 
Nos. 
Nos. 



1-3 



NONE 



NONE 



NONE 



, as originally filed. 

, as amended under Article 19. 

, filed with the demand. 

, filed with the letter of 



I x| the drawings, sheets/fig 1~1 

sheets/fig NONE 



shcets/ftg 



NONE 



, as originally filed. 

, filed with the demand. 

, filed with the letter of 



2. The amendments have resulted in the cancellation of: 

I x| the description, page ^""^ 

fx] the claims, Nos.^^^1?^ 



I y| the drawings, sheets/fig 



3. I I This opinion has been established as if (some of) the amendments had not been made, since they have been 

considered to go beyond the disclosure as filed, as indicated in the Suppl e m e ntal Box Additional observations below 
(Rule 70.2(c)). 

4. Additional observations, if necessary: 
NONE 
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1. STATEMENT 
Novelty (N) 



Claims 1-3 



Claims none 



YES 
NO 



Inventive Step (IS) 



Claims 1-3 



Claims none 



YES 
NO 



Industrial Applicability (lA) 



Claims 1-3 



Claims none 



YT-S 
NO 



2. CITATIONS AND EXPLANATIONS 

1, Claims 1-3 meet the criteria set out in PCT Article 33(2)-(4), because the prior art does not teach or fairly suggest 

the removal of power from a PSD so as to delete the encryption key from the PSD if tampering with the PSD has been 
detected. 



NEW CITATIONS 

NONE 
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VII. Certain defects in the international application 

The following defects in the form or contents of the international application have been noted: 

1. The drawings are objected to under PCT Rule 66.2(a)(iii) as containing the following defect(s) in the form or content 

thereof: 

^ 1. 1 The drawings lack an explicit encryption engine, claims 1-3, although devices\^2, 14 & 22 may act as an encryption 
engine. 

^ 2. The description is objeaed to as containing the following defect(s) under PCT Rule 66.2<a)(iii) in the form or contents 

thereof: 

y/ 2A The disclosure lacks an explicit reference to the feature of the invention designated as 11 in fig, 1. 
2.2 A statement of —I Claim:— is lacking. 
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VIII. Certain observations on the international application 



The following observations on the clarity of the claims, description, and drawings or on the question whether the claims are fully 
supported by the description, are made: 

1 Claims 2 & 3 are objected to under PCT Rule 66.2(a)(v) as lacking clarliy under PCT Article 6 because the claims 

2 & 3 are indefinite for the following reasoa(s): 

1,1 In claims 2 & 3. it is unclear how it is determined if tampering has occurred, since a tampering event has not been 
detected within these claims. 
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YES 
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NO 
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Claims None NO 
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It would thus be desirable to have a PSD design which protects the many important items of data 
stored within, and yet which does not draw very much battery power and so permits a 
commercially acceptable battery life. 



Summary of the invention 



5 hi accordance with the invention, a postal security device (PSD) contains a nonvolatile memory 
which does not depend on battery power, such as an EEPROM, and contains a nonvolatile 
memory which does depend on battery power, such as a static RAM. The PSD also contains an 
encryption engine. An encryption key is developed and is stored in the static RAM, which is sized 
to be only large enough to contain the encryption key. A large body of data, too large to fit in the 

10 static RAM, is encrypted by means of the encryption engine and with reference to the encryption 
key, and is stored in the EEPROM. This body of data typically includes cryptographic keys and 
sensitive bit-images. When the PSD is powered, a large RAM (typically a dynamic RAM) is 
available to receive the large body of data, decrypted using the encryption key. A tafnper switch 
cuts power to both RAMs in the event of tampering, hi this way, the battery power required to 

15 maintain the PSD during power-off periods is minimal, and yet the large body of data will be 
inaccessible in the event of tampering. 



Description of the drawing 



The invention will be described with respect to a drawing, of which: 



Fig. 1 is a schematic functional block diagram of a system according to the invention. 



20 Detailed description 

Fig. 1 shows a postal security device (PSD) in accordance with the invention. The PSD has a 
secure housmg 1 1, a microprocessor 12 wliich communicates on a bus 23 with an input/output 
(I/O) device 18, a memory wliich does not require battery backup 13 which may be for example an 
EEPROM or 

4 
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I Claim: 

1. A postal security device comprising a secure housing, and within the secure housing a body of 
data having a size, said postal security device also having within the secure housing means for 
generating print data for printing of postage indicia, said generating of said print data relying in part 
5 on the body of data, said postal security device also having within the secure housing a first memory 
sized to accommodate the body of data, said first memory of a type not requiring electrical power 
to maintain the contents thereof, said postal security device also having within the secure housing a 
second memory not large enough to accommodate the body of data, said second memory of a type 
requiring electrical power to maintain the contents thereof, said postal security device also 
10 comprising a battery powering the second memory and a tamper switch mechanically coupled with 
the secure housing so that upon tampering with the secure housing the second memory is 
disconnected from the battery, said postal security device further comprising an encryption key 
stored within said second memory, said postal security device further comprising a cryptographic 
engine, said body of data encrypted by the cryptographic engine with respect to the encryption key. 

15 2. A method for use with a postal security device comprising a secure housing, and within the 

secure housing a body of data having a size, said postal security device also having within the secure 
housing means for generating print data for printing of postage indicia, said generating of said print 
data relying in pan on the body of data, said postal security device also having within the secure 
housing a first memory sized to accommodate the body of data, said first memory of a type not 

20 requiring electrical power to inaintain the contents thereof, said postal security device also having 
within the secure housing a second memory not large enough to accommodate the body of data, 
said second memory of a type that requires electric power to maintain its contents, said postal 
security device also comprising a battery powering the second memory and a tamper switch 
mechanically coupled with the secure housing so that upon tampering with the secure housing the 

25 second memory is disconnected from the battery, said postal security device further comprising an 
encryption key stored within said second memory, said postal security device further comprising a 
cryptographic engine; the method coinprising the steps of: 
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storing the encryption key within the second memory; 
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encrypting the body of data by the cryptographic engine with respect to the encryption key; 
storing the encrypted body of data in the first memory, 
determining if tampering has occurred; and 

in the event of tampering, removing power from the second memory, 

3. A method for use with a postal security device comprising a secure housing, and within the 
secure housing a body of data having a size, said postal security device also having within the secure 
housing means for generating print data for printing of postage indicia, said generating of said print 
data relying in part on the body of data, said postal security device also having within the secure 
housing a first memory sized to accommodate the body of data, said first memory of a type not 
requiring electrical power to maintain the contents thereof, said postal security device also having 
within the secure housing a second memory not large enough to accommodate the body of data, 
said second memory of a type that clears its contents upon a predetermined electrical condition, 
said postal security device also comprising a tamper switch mechanically coupled with the secure 
housing so that upon tampering with the secure housing the second memory has said predetermined 
electrical condition, said postal security device further comprising an encryption key stored within 
said second memory, said postal security device further comprising a cryptographic engine; the 
method comprising the steps of: 

storing the encryption key within the second memory; 

encrypting the body of data by the cryptographic engme with respect to the encryption key; 
storing the encrypted body of data in the first memory, 
determining if tampermg has occurred; and 

in the event of tampering, causing said predetermined electrical condition. 
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^ENT COOPERATION TR 



PCT/US99/05891 



From the INTERNATIONAL BUREAU 



PCT 

INFORMATION CONCERNING ELECTED 
OFFICES NOTIFIED OF THEIR ELECTION 

{PCT Rule 61.3) 


To: 

OPPEDAHL, Carl 
Oppedahl 8t Larson LLP 
P.O. Box 5270 
Frisco, CO 80443-5270 
ETATS-UNIS D'AMERIQUE 


Date of mailing (day/month/year) 
27 January 2000 (27.01.00) 




Applicant's Qr agent's file reference 
ASCOP061WO 


IMPORTANT INFORMATION 


International application No. 
PCT/US99/05891 


International filing date (day/month/year) 

18 March 1999 (18.03.99) 


Priority date (day/month/year) 

18 March 1998 (18.03.98) 


Applicant 

ASCOM HASLER MAILING SYSTEMS INC. et al 



1. The applicant is hereby informed that the Internationa! Bureau has, according to Article 31(7), notified each of the following 
Offices of its election: 

EP :AT,BE,CH,CY,DE,DK,ES,FI,FR,GB,GR,IEJT,LU,MC,NL,PT,SE 

National :CA,JP,US 

2. The following Offices have waived the requirement for the notification of their election; the notification will be sent to them 
by the International Bureau only upon their request: 

None 

3. The applicant is reminded that he must enter the "national phase" before the expiration of 30 months from the priority date 
before each of the Offices listed above. This must be done by paying the national fee(s) and furnishing , if prescribed, a 
translation of the international application (Article 39(1 )(a)), as well as, where applicable, by furnishing a translation of any 
annexes of the international preliminary examination report (Article 36(3)(b) and Rule 74.1). 

Some offices have fixed time limits expiring later than the above-mentioned time limit. For detailed information about the 
applicable time limits and the acts to be performed upon entry into the national phase before a particular Office, see Volume II 
of the PCT Applicant's Guide. 

The entry into the European regional phase is postponed until 31 months from the priority date for all States designated for 
the purposes of obtaining a European patent. 
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The International Bureau of WlPO 
34, chemin des Colombettes 
1211 Geneva 20, Switzerland 


Authorized officer: 

Diana Nissen 
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Facsimile No. (41-22) 740.14.35 


Telephone No. (41-22) 338.83.38 






Form PCT/IB/332 (September 1997) 
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From the INTERNATIONAL BUREAU 



PCT 

NOTIFICATION CONCERNING 
SUBMISSION OR TRANSMITTAL 
OF PRIORITY DOCUMENT 

(PCT Administrative Instructions, Section 411) 


To: 

OPPEDAHL, Carl 

f^r^ r^oHa h 1 fit 1 9 rco n 

P.O. Box 5270 
Frisco, CO 80443-5270 
tTATS-UNIo U AMEnlUUb 


Date of mailing (day/month/year) 
12 May 1999 (12.05.99) 




Applicant's or agent's file reference 
ASCOP061WO 


IMPORTANT NOTIFICATION 


International application No. 
PCT/US99/05891 


International filing date (day/month/year) 
18 March 1999 (18.03.99) 


International publication date (day /mo nth/year) 

Not yet published 


Priority date (day/month/year) 

18 March 1998 (18.03.98) 


Applicant 

ASCOM HASLER MAILING SYSTEMS INC. et a! 



1. The applicant is hereby notified of the date of receipt (except where the letters "NR" appear in the right-hand column) by the 
International Bureau of the priority document(s) relating to the earlier application(s) indicated below. Unless otherwise 
indicated by an asterisk appearing next to a date of receipt or by the letters "NR", in the right-hand column, the priority 
document concerned was submitted or transmitted to the International Bureau in compliance with Rule 17.1(a) or (b). 

2. This updates and replaces any previously issued notification concerning submission or transmittal of priority documents. 

3. An asterisk*) appearing next to a date of receipt, in the right-hand column, denotes a priority document submitted 
or transmitted to the International Bureau but not in compliance with Rule 17.1(a) or (b). In such a case, the attention 
of the applicant is directed to Rule 17-1(c) which provides that no designated Office may disregard the priority claim 
concerned before giving the applicant an opportunity, upon entry into the national phase, to furnish the priority document 
within a time limit which is reasonable under the circumstances. 

4. The letters "NR" appearing in the right-hand column denote a priority document which was not received by the International 
Bureau or which the applicant did not request the receiving Office to prepare and transmit to the International Bureau, 

as provided by Rule 17.1(a) or (b), respectively. In such a case, the attention of the applicant is directed to Rule 17.1(c) which 
provides that no designated Office may disregard the priority claim concerned before giving the applicant an opportunity, 
upon entry into the national phase, to furnish the priority document within a time limit which is reasonable under the 
circumstances. 



Priqrity d^tQ 

18 Marc 1998 (18.03.98) 
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Priority application No. 
60/078,489 

n 



Country or regional Office 
or PCT receiving Office 

US 



Date of receipt 
of priority document 

21 Apri 1999 (21.04.99) 



ill: ^^V"^ 
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The International Bureau of WlPO 
34, chemin des Colombettes 
1211 Geneva 20. SwcUerfand 

Facsimile No. (41-22) 740.14.35 


Authorized officer 

Marc Salzman 

Telephone No. (41-22) 338.83.38 



Form PCT/IB/304 (July 1998) 



002617481 



(fc^^ATENT COOPERATION 



From the 

INTERNATIONAL PREUMINAR Y H!!5VMINING AUTHORITY 




To: 



CARL OPPEDAHL 
OPPEDAHL & LARSON 
P.O. BOX 5270 
FRISCO CO 80443-5270 



per 



NOTIFICATION OF RECEIPT 
OF DEMAND BY COMPETENT INTERNATIONAL 
PRELIMINARY EXAMINING AUTHORITY 

(PCT Rule 593(e) and 6Ll(b). first sentence 
and Administrative Instructions, Seaion 601(a)) 



Date of mailing 
(dayJhionih/year) 



13 JAN 2000 



Applicant's or agent's file reference 

ASCOP061WO 


IMPORTANT NOnFICA-nON 


International application No. 

PCT/US99/0589i 


International filing date (day/month/year) 

18 MAR 99 


Priority date (day /month/year) 

18 MAR 98 


Applicant 

ASCOM HASLER MAILING SYSTEMS INC. 



1. The applicant is hereby notified that this International Preliminary Examining Authority considers the following date as the 
date of receipt of the demand for international preliminary examination of the international application* 

1 6 JUL f999^ 

2. That date of receipt is: . 

die actual date of receipt of the demand by this Authority (Rule 61.1(b)). 
I I die actual date of receipt of the demand on behalf of this Authority (Rule 59.3(e)). 

I I *® which tills Autiiority has, in response to tiie mvitation to correct defects in tfie demand (Form 

PCT/IPE A/404), received the required corrections. 

3. [~j ATraNTION: That date of receipt is AFTER die expiration of 19 montiis from die priority date. Consequently, die 

election(s) made in die demand does (do) not have die effect of postponing die entry into die national phase until 
30 mondis from die priority date (or later in some Offices) (Article 39(1)). Therefore, die acts for entry into die 
national phase must be performed witfiin 20 mondis from die priority date (or later in some Offices) (Article 22) 
For details, see die PCT Applicant's Guide ^ Volume II. 

I I (^f oppUcable) This notification confirms die information given by telephone, facsimile transmission or in person 

on* r ' 1 



4. Only where paragraph 3 applies, a copy of diis notification has been sent to dje InternatioJA t^uJe&. 2000 | 



'■ • L 



Name and mailing address of the IPEAAJS 
Assistant Commissioner for Patents 
Box PCT 

Washington. D.C. 20231 Attn: IPEA/US 

Facsimile No. 



Authomzed^fificer 





Form PCT/IPEA/402 (July 1998) 



CvK^PiJTEB DOCKET... 
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From the INTERNATIONAL BUREAU 



PCT 

NOTICE INFORMING THE APPLICANT OF THE 
COMMUNICATION OF THE INTERNATIONAL 
APPLICATION TO THE DESIGNATED OFFICES 

(PCT Rule 47.1 (c), first sentence) 


To: 

OPPEDAHL, Carl 
Oppedahl & Larson 
P.O. Box 5270 

ETATS-UNIS D'AMERIQUE 


Date of mailing (day/month/year) 

23 Septennber 1999 (23.09.99) 




Applicant's or agent's file reference 

ASCOP061WO 


IMPORTANT NOTICE 


International application No. 

PCT/US 99/05891 


International filing date (day/month/year) 

18 March 1999 (18.03.99) 


Priority date (day/month/year) 
18 March 1998 (18.03.98) 


Applicant 

ASCOM HASLER MAILING SYSTEMS INC. et al 



1. Notice Is hereby given that the International Bureau has communicated, as provided in Article 20, the international application 
to the following designated Offices on the date indicated above as the date of mailing of this Notice: 

EP,JP,US 

In accordance with Rule 47.1(c), third sentence, those Offices will accept the present Notice as conclusive evidence that 
the communication of the international application has duly taken place on the date of mailing indicated above and no copy 
of the international application is required to be furnished by the applicant to the designated pffice(s). 1 

2. The following designated Offices have waived the requirement for such a commun[icbti6ii»'it this. t^ J '^l 

CA (};!'' 



The communication will be made to those Offices only upon their request. Further^- 
appHcant to furnish a copy of the international application (Rule 49.1 (a-bis)). 



orAijhose Ofnces do not require 



3. Enclosed with this Notice is a copy of the international application as published by'the Inter nationaf-B urea u on ..i 

23 September 1999 (23.09.99) under No. WO 99/48055 

REMINDER REGARDING CHAPTER II {Article 31(2)(a) and Rule 54.2} 

If the applicant wishes to postpone entry into the national phase until 3D months (or later in some Offices) from the priority 
date, a demand for International preliminary examination must be filed with the competent International Preliminary 
Examining Authority before the expiration of 19 months from the priority date. 

It is the applicant's sole responsibility to monitor the 19-month time limit. 

Note that only an applicant who is a national or resident of a PCT Contracting State which is bound by Chapter II has the 
right to file a demand for international preliminary examination. 

REMINDER REGARDING ENTRY INTO THE NATIONAL PHASE (Article 22 or 39(1)) 

If the applicant wishes to proceed with the international application in the national phase, he must, within 20 months 
or 30 months, or later in some Offices, perform the acts referred to therein before each designated or elected Office. 

For further important information on the time limits and acts to be performed for entering the national phase, see the 
Annex to Form PCT/IB/301 (Notification of Receipt of Record Copy) and Volume II of the PCT Applicant's Guide. 
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The International Bureau of WlPO 
34, chemin des Colombettes 
121 1 Geneva 20, Switzerland 



Facsimile No. (41-22) 740.14.35 



rr 



Authorized officer 



J. Zahra 

Telephone No. (41-22) 338.83.38 



Form PCT/IB/308 (July 1996) 



2847004 / 
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iI'I£A/_US- 



PCX 



DEMAND 



CHAPTER II 



ululcr Article 3 1 of the Piitcnl CoopL-ration Trciity: 
The uiulcrsiuned requests thnt the intcrnalionni application specified below be the subjcct.ot 
inlcmational prc!i.nina.7 examination according to the I>alenl Cooperation Treaty and 
hereby elects all eligible States (except where olhenvisc nidicaled). 



Kicntification of IPEA 



I'ur Inlcrnalional Preliminaiy I'xaniining Authority use only 



Date of receipt of DEMAND 



Box No. I iDi£NTII'lCAriONOrTIIli:iNTKimATK)iNALAI>rUCATIOiN 



hiternational application No. 
PCT/US99/05891 



International filing date (day/month/yvar) 
18/03/1999 



A[iplie:iiii*s or ayciil's I'tic rclci cnce 



(Earliest) Priority date (day/month/yvar) 

18/03/1999 



Tiileofinveniion TAMPER RESISTANT POSTAL SECURITY DEVICE WITH LONG 
BATTERY LIFE 



Box No. II APriJCAN'r(S) 



Name and address: (homilv name fnllonv^i hy ^'nt^i /.///»;•; for a Icy^ai aMity lidl of/idal d.'si^natum. 
Vw dddvcxx mml inchnfc posfnf cmh aiul mime of anmUy) 

ASCOM HASLER MAILING SYSTEMS INC. 
19 FOREST PARKWAY 
SHELTON, CT G6484-6140 
UNITED STATES OF AMERICAN 



Telephone No.: 

(203) 925-2418 



l-*;icsiinile No.: 



( 203) 926-0203 



Tcleprinlcr No.: 



Slate (dmt is, coiinlry) of nationality: 



US 



State (thai i.w cowUiy) of residence: 



US 



NACLERIO, Edward J. 
49 Scenic Road 
Madison, CT 06443 
UNITED STATES OF AMERICA 



Stale (fhai is. mmiry) of nationality: 



US 



Slate (duii is, tvwary) of residenee: 



US 



Nan.e and address: l.y nan.: M a tc^ai .Ui,y full of/iaal dcsi^uui.. 71. add,r. ... inMe pa.,;/ and nan.e of counUy) 



Suite (that is, cotmliy) of nalionaiily: 



Slate (dial is, coimiiy) of* residence: 



[ [ Purllier :ipplieanls are indicated on a continiialion sheel. 



# 



Tnlci nalional ;ippIicMlion No. 

Shed No. . 2 p^-^ /t^^cvj c^/ pg-^ <iA. 



Box No. in AGENT OR COMMON REPRESENTATIVE; OR ADDRESS FOR CORRESPONDENCE 



The following person is [x] ygcnt Q common rcprcscnlativc 

:uk1 [x] h;is been ;ippoiiiicJ c:u Hcr ;nul teprcscnls the npplic;ini{s) also Ibr intcrnnlionni preliminary c.vaniinalion. 

I I is hereby appoinled and any earlier appointment or(an) agent(s)/common representative is hereby revoked. 

I — 1 is hereby appointed, specifically for the procedure before the International Preliminary Examining Authority, in addition to 
the aeenKsVcomnion representative appointed earlier. 



Name and address: (Fontilv name folhwctl by ^ivcn luimc; for a Ic^a! yndty. full oO'idal ticsi^nathn. 
The inhfress must include postal coilc and name of country.) 

LARSON, Marina T. and OPPEDAHL, Carl 
OPPEDAHL & LARSON LLP 
PO BOX 5270 

FRISCO, CO 80443-5270 



Telephone No.: 

(970) 668-2050 



Facsimile No.: 



Tclcpriiucr No.: 



□ Address for correspondence: Mark this check-box where.' no agent or common representative is/has been appointed and the 
space above is used instead to indicate a special address to which correspondence should be sent. 



Box No. IV BASIS FOR INTERNATIONAL PRELIMINARY EXAMINATION 



Statement concerning; amendments:* 

1. The applicant wishes the international preliminary examination to start on the basis of: 
[ xl the international application as originally filed 

the description [HI as originally filed 

I I as amended under Article 34 

the claims \^ as originally filed 

P~| ns amended under Article 1 9 (together witli any accompanying statement) 
[ I as amended under Article 34 

(he drawings I I as originally Hied 

[ I as amended under Article 34 

2. Q The applicant wishes any amendment to the claims under Article 1 9 to be considered as reversed. 

3 I — I The applicant wishes the start of the international preliminary examination to be postponed until the expiration of 20 months 

' ' from the priority date unless the International Prcliminai7 Examining Authority receives a copy of any amendments made 

under Article 1 9 or a notice from tlie applicant that he does not wish to make such amendments (Rule 69. 1 (d)). Oln.s check- 
box may be marked only where the time limii under Article 19 has not yet expired.) 
Where no check-box is marked, international preliminary examination will start on the basis of the international application 
•!S oriuinally Hied or where a copy of amendments to the claims under Article 1 9 and/or amendments of the mternational application 
under Article 34 arc received by the International Preliminaiy Examining Authority before it has begun to draw up a wriilon opnuon 
or the international preliminary examination report, as so amended. 



Lanjjiiagc for the purposes of international preliminary examination: .ENGLISH 

which is the language in which the international application was filed, 
I I which is the language of a translation furnished for the puiposes of inlemationai search. 
I [ which is the language of publication of the international application. 

I I which is the language ofthc translation (to be) furnished for the purposesofintcnialionalprcliminai-y examination. 



Box No.V ELECTION OF STATES 



The applicant hereby elects all eligible States (that is. all States which have been desii;nated and which arc bottnd by Chapter // of 



the PCT) 

excluding the following States which the applicant wislies not to elect: 



1 



Sheet No. . 3. 



lUcriuUioiKiI iippliciuion No. 
PCT/US99/05891 



Uox No. VI CHECKLIST 



rUc tlciiiniitl is iicconipanicti by the following clcmcnls. in ihc knigicigc rcfctTcd lo in 
I3ox No. IV, lor the piiiposcs of inlcmalionni preliminiiiy examination: 



1. translation orintcrnational application 

2. amendments under Article 34 

3. copy (or, where required, translation) of 
amendments under Article 1 9 

4. copy (or, where required, translation) of 
statement under Article 19 

5. letter 

6. other (specify) 



For International Prcliminai7 
Examining Autliorily use only 





received 


not received 


sheets 


□ 


□ 


slicets 


□ 


□ 


sheets 


□ 


□ 


sheets 


□ 


. □ 


sheets 


□ 


□ 


sheets 


□ 


□ 



The demand is also aceonipanicd by the item(s) marked below; 

1. [x] fee calculation sheet ^- □ statement explaining lack of signature 

2. □ separate signed power of attorney 5. nucleotide and or amino acid sequence listing in 

3. I I copy of general power of attorney; 
' ' reference number, if any: 



computer readable form 
6 . I I other (specify) : 



Box No. VII SIGNATURE OF APPLICANT, AGENT OR COMMON REPRESENTATIVE 



to to cm-h si^nanav. imiicatc the name of the person si^^nin^ and the cv/M:cily in Mi the i^enson .si^^ (if such cafxidty « not ohviom from raiciini^ the dcnuauf). 



MAR INA T. - ^AHb U N> P irTDT 



For International Preliminary Examining Authority use only 



I. Dale of actual receipt of DEMAND: 



2. Adjusted date of receipt of demand due 
to CORRECTIONS under Rule 60, 1 (b): 



nThc date of receipt of the demand is AFTEIl the expiration of 1 9 months 
from the priority date and item 4 or 5, below, docs not apply. 



□ The applicant has been 
informed accorditigly. 



I 1 The date of receipt of the demand is WITHIN the period of 19 months from the priority date as extended by virtue of 

I I Rule 80.5. 



5 Q Although the date of receipt of the demand is after the expiration of 19 months from die priority date, the delay in arrival 



is EXCUSED pursuant to Rule 82. 



Demand received from ll'EA on: 



For International Bureau use only 
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CHAPTER II 



FEE CALCULATION SHEET 
Annex (olIicOLMiiniHi rorintcM nntioniilprcIinHiinrycxnniiniUion 

- For Intcniationul Preliminary Examining Authority use only 



Internationa! PCT/US9 9/0 5 8 9 1 
application No. 



Applicant's or agent's ASCOP06 1 WO 
flic reference 



Date stamp of the I PEA 



Applicant 



ASCOM HASLER MAILING SYSTEMS INC- 



Calculation of prescribed foes 



1. Preliminary examination fee 

2. Hantllini* fee (Appliainls /'row ccrutin States arc 
cniillcd to a reduction of 75% of the handling fee. 
mere the applicant /.v (or all applicants are) so en- 
titled, the anwunl to be entered at H is 25% of the 
handling fee.) 

3. Total of prescribed fees 

Add the amounts entered at P and H 

:inti enter total in the TOTAL box 



4^0 



2- 



TOTAL 



Mode of Payment 






r— i authorization to charge deposit 
1 1 account with the I PEA (see below) 


□ 


cash 


1 X 1 cheque 


□ 


revenue stamps 


1 1 postal money order 


□ 


coupons 


1 1 bank draft 


□ 


other ^v/x^c//v'j: 



Deposit Account Authorization (this mode of payment may not he available at all IPEAs) 



The I PEA/ 



US 



15-0610 



I I is hereby authorized to charge the total fees indicated above to my deposit account. 

(diis dieck^box mav be marked only if the conditions for deposit accounts of the IPEA so pcrmif) is hereby 
^ ' authorized to charge any dcHcicncy or credit any overpayment m the total lees indicated above to 
my deposit account. 



Depttsit Account Number 



Date (day/month/ycar) 



Signature 




ASCOP061WO 

BEFORE THE INTERNATIONAL PRELIMINARY EXAMINING AUTHORITY 
. Applicaiu: ASCOM HASLER MAILING SYSTEMS INC. 
Serial No.: PCT/US99/0589 1 
Filed: March 18, 1999 

For: Tamper Resistant Postal Security Device with Long Battery Life 

RESPONSE TO WRITTEN OPINION 

'■"his is ill response to the Written Opinion mailed Febmary 9, 2000 for the 
above-captiojied application. Reconsideration of die application and claiins ill view of the 
remarks herein is respectfully requested. Three (3) pagos of replacement sheets are 
enclosed. On :ep]acement page 4, a reference to the secure housing shown as reference 
number 1 1 in Fig. 1 has been added. Support for this ainendment is found on page 1, lines 
24-26. Replacement sheet 8 contains the added language "I Claim" suggested by the 
examiner. Replacement sheet 9 contains amendments to claims 2 and 3. 

Paragraph VII of the Written Opinion identities certain defects in the 
international apj;iication. The drawings were objected to for lacking an explicit encryption 
engine, although devices 12, 14 and 22 were stated as possibly acting as an encryption 
engine. Page 5, lines 25-27 recite that ''enciyption is performed by the processor 12 
executing encryption software in the ROM 22, or may optionally be perfonned by an 
encryption engine omitted for clarity in Fig. 1." Applicants respectfully submit that Fig. 1 
does contiiin an explicit encryption Liigine in device 12. 

Tlie description is objected to as lacking an explicit reference to the feature 
of the invention designated as 1 1 in Fig. 1 . Page 4 of die description has been amended to 
refer to reference number 1 1 in Fig. 1 as a secure housing. The Background section of the 
description contains many references to secure housings as conventional parts of a postal 
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ASCOP061WO 



security device t^see p<ige 1, line 25; page 3, lines 13 and 15). Applicants respectfuUy 



submit that the aniendiiient to page 4 does not include new matter. 

The disclosure was objected to for lacking a statement of - -I Claim- -. 
This statement has been added to page 8. 

i ^ai agraph VIII of the Written Opiiiion identifies claims 2 and 3 as lacking 
clarity ui;der PCT Article 6 because it is unclear how it is uetei uiined if tampering has 
occurred, since a Tampering event has not been detc . ted witliin the claims. Claims 2 and 3 
have been amende d to include the step of "determining if tampering has occuired". Support 
for this amendment is found in the description on page 3, lines 4-18. Applicants subinit that 
the scope of these claims, as amended, is not unclear i.nd meets the requirements of PCT 



Ai'ticle 6. 



Respectfully submitted, 




Carl Oppedahl ^ 
PTO Reg. No. 32,746 
(970) 068-2050 



Nancy J. Parsons 
PTO Reg. No. 40,364 
(970) 668-2050 
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It would thus be desirable to have a PSD design wliich protects the many important items of data 
stored witliiji, and yet which does not draw very much battery power and so permits a 
commercially acceptable battery life. 

. Summary of the invention . 

hi accordance with the invention, a postal security device (PSD) contains a nonvolatile memory 
wlvich does not depend on battery power, such as an EEPROM, and contains a nonvolatile 
memory wliich does depend on battery power, such as a static RAM. The PSD also contains an 
encryption engine. An encryption key is developed and is stored in tl; ^ static R/VM, wliich is sized 
to be onJy large enough to contain the encryption koy. A large body of data, too large to fit in the 
static RAM, is encrypted by means of the encryption engine and with reference to the encryption 
key, and is stored in the EEPROM. Tiiis body of data typically includes cryptograpliic keys and 
sensitive bit- images. When the PSD is powered, a large RAM (typically a dynaaiic RAM) is 
available to receive the large body of data, decrypted using the encryptiorr key. A tamper switch 
cuts power to both RAJVIs in the event of tampering, hi tliis way, the battery power requii'ed to 
maintain the PSD during power-off periods is minimal, and yet the large body of data wiU be 
inaccessible in the event of tampering. 

Description of the drawing 

The invention will be described with respect to a drawing, of which: 

Fig. 1 is a schematic functional block diagram of a system according to the invention. 

Detailed description 

Fig. 1 shows a postal security device (PSD) in accordance with the invention. The PSD has a 
secure housing 1 1, a microprocessor 12 which communicates on a bus 23 with an input/output 
(I/O) device 18, a memory which does not require battery backup 13 wliich may be for example an 
EEPROM or 



« 

I Claim; 

1 A postal secLu ir.y de vice comprising a secure housing, aiui within tlx* secure housing a body of 
data having a size, saici postal security device also iiaving wi-liin the secure housing means for 
generating print data R ;• printing of postage indicia, said gencratijig of said print data relying in part 
5 on the body of data, s;:id postal security device also having witliin the secure housing a first memory 
sized to accommodate tlie body of data, saio' Inst memoiy of a type not requiiMjig electrical power 
to maintain the cr : jnt - thereof, said postal security de\ ice also having widiin the secure housing a 
second memory not large enough to accommodate the body of data, said second memory of a type 
requiring electrical power to maintain the contents thereof, s:iid postal security device also 
10 comprising a battery po\'. eriiig the second memory and a tamper switch mechanically coupled with 
the secure housini. so tha; upon tampering with the secure housing the second memory is 
disconnected fi'on^. 'die baUery, said postal security device further comprising au encryption key 
stored witliin said second memory, said postal security device further conrnising a ciyptograpMc 
enguie, said body of data encrypted by the cryptograpliic engine with respect to the encryption key. 

15 2. A mediod for use wiUi a postal security device comprising a secure housing, and witliin the 

secure housing a body of data having a size, said postal security device also having witliin the secure 
housing means for generating print data for printing of jiostage indicia, said generating of said print 
data relying in part on the body of data, said postal security device also Iiaving witlihi the secure 
housing a fu st memory sized to accommodate tiie body of data, said fu'st memory of a type not 

20 requii'ing electrical power to maintain the contents thereof, said postal security device also having 
witliin the secure housijir. a second memory not large enough to accommodate the body of data, 
said second memory of a type that requires electric power to maintain its contents, said postal 
security device also comprising a battery powering the second memory ajid a tamper switch 
mechanically coupled with the secure housing so that upon tamperijig with the secure housing the 

25 second memory is disconnected from the battery, said posta] security de\ ice further comprising au 
encryption key stored within said second memory, said postal security device further comprisiag a 
cryptograpliic engine; the method comprising the steps of: 
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storing the encryption key witliin the second niehiory; 

encrypting the body of data by the cryptographic engine with respect to the encryption key; 
storing the encrypted body t.)f data in the fir.st nie;nory, 
5 detennijiii]g if tampering has occuired; and 

ill the event of tanipeflng, removing power fi'om the second memory. 

3. A method for use with a postal security device ct inprisir^g a secure 1 asiiig, and witliiii the 
secure housing a body of data having a size, said po ual sc :urity device :uso having witliiii the secure 
housing means for generating prijit data for printing of postage indicia, : aid generating of said print 

10 data relying in part on tlie body of data, said postal security device also iiaving witliin the secure 
housing a fu'St memory sized to accommodate the body of data, said tu'si memory of a type not 
requii'ing electrical power to maintain the contents there^.jf, saiJ postal security device also having 
withiji the secure housing a second memory not large enough ^o accomnvodate the body of data, 
said second memory of a type that clears its contents upon a predetennined electrical condition, 

15 said postal security device also comprising a tamper switch Jiicchanically coupled with the secure 

housing so that upon tampering witli the secure housing the .'-econd meiviury has said predetennined 
electrical condition, said postal security device further comprising an encryption key stored witliin 
said second memory, said postal security device further c ^uprising a cryp: ^graphic engine; the 
method comprising the steps of: 

20 storijig the encryption key within the second memory; 

encrypting the body of data by the cryptographic engine with respect to the encryption key; 
storijig tlie encrypted body of data in the first memory, 
determining if tampering has occurred; and 

ii} the event of tamperijig, causijig said predetermined electrical condition. 
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(57) Abstract 

In accordance with the invention, a postal security device (PSD) (10) contains a non-volatile memory (13) which does not depend on 
battery power such as an EEPROM (13), and contains a nonvolatile memory (14, 16) which does depend on battery power, such as a static 
RAM- The PSD (10) also contains an encryption engine (12, 14, 22). An encryption key is developed and is stored in the static RAM (14), 
which is sized to be only large enough to contain the encryption key. A large body of data, too large to fit in the static RAM, is encrypted 
by means of the encryption engine (12, 14, 22) and with reference to the encryption key, and is stored in the EEPROM (13). This body of 
data typically includes cryptographic keys and sensitive bit-images. When the PSD is powered, a large RAM (typically a dynamic RAM) 
(16) is available to receive the large body of data, decrypted using the encryption key. A tamper switch (17) cuts power to both RANJs 
(14, 16) in the event of tampering. 
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TAMPER RESISTANT POSTAL SECURITY DEVICE WITH LONG BATTERY LIFE 

The invention relates generally to postage meters (franking machines), and relates particularly 
to systems in which postage value is stored in a postal security device (PSD) so as to be 
protected against undetected tampering. The application claims priority from US application 
no. 60/078,489, filed March 18, 1998, which application is incorporated herein by reference 
to the extent permitted by the designated and elected States hereto. 

Background 

In recent years it has been proposed to print postal indicia by means of conventional 
nonsecure printers such as laser printers, ink-jet printers, and thermal transfer printers. Such 
printers are termed "nonsecure" because the printer itself is not in a secure housing and 
because the communications channel linking the printer to other apparatus is nonsecure. 
Under such a proposal, the question naturally arises what would prevent a user from printing 
the same postal indicium repeatedly, thereby printing postal indicia for which no money has 
been paid to the post office. The proposed anti-fraud measure is to store information within 
the indicia which would permit detecting fraud. The indicium would include not only 
human-readable text such as a date and a postage amount, but would also include machine- 
readable information, for example by means of a two-dimensional bar code. The machine- 
readable information would be cryptographically signed, and would include within it some 
information intended to make fraud more difficult. The information would typically include 
an identification of the postage meter license (granted by the meter manufacturer or by the 
postal authorities, depending on the country), an indication of the number of mail pieces 
franked, the postage amount, a postal security device identifier about which more will be said 
later, the date and time, and a zip code or post code of the mail piece addressee. 

The typical apparatus for printing such ^'encrypted indicia" postage includes what is called a 
postal security device or PSD. The PSD has a secure housing, and within the secure housing 
are the accounting registers as well as a cryptographic engine. The engine permits 
cryptographic authentication and signing for communicadon with an external device such as 
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the computer of the meter manufacturer or of the post office. The engine also permits 
creation of postal indicia which contain specified information and which are 
cryptographically signed. The PSD may well be physically small as compared to traditional 
postage meters. The PSD may be the size of a PCMCIA card or the size of a smart card. 

Within the PSD the memory must be protected against inadvertent damage due to 
malfunction of the processor of the PSD, for example as set forth in US Pat. No, 5668973, 
Protection system for critical memory information owned by the same assignee as the 
assignee of the present application. The PSD must handle power failure in a graceful fashion, 
for example as set forth in US Pat. No. 5712542, Postage meter with improved handling of 
power failure, also owned by the same assignee as the assignee of the present application. 

To reduce smudging, the printer may preferably be that described in PCT publication no. 
97-46389, Printing apparatus, also owned by the same assignee as the assignee of the present 
application. While it has been proposed that the PSD contain a real-time clock which is 
keeping time continuously, desirably this requirement may be avoided as described in PCT 
publication no. 98-08325, Printing postage with cryptographic clocking security, also owned 
by the same assignee as the assignee of the present application. PSDs can form part of a 
network with multiple printers as described in PCT publication no. 98-13790, Proof of 
postage digital franking, also owned by the same assignee as the assignee of the present 
application. 

The postal authorities face the question how the PSD can be protected from tampering. For 
example, the entire system of PSDs depends on the use of cryptographic keys. The keys are 
used for authenticating communications between the PSD and the manufacturer's system or 
the postal authority's system. Such communications are used to set up and maintain the 
PSDs, and are used to refill or "reset" the PSDs to reflect the ability to print more postage. 
The keys are also used to cryptographically *'sign" information printed in the postal indicia. If 
the cryptographic keys were compromised, a user might be able to defraud the post office or 
the PSD manufacturer or both. 



/ 
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Many approaches have been proposed for protection of such cryptographic keys from 
compromise. The usual approach is to place the cryptographic keys in a RAM (random 
access memory) of a type which keeps its contents only so long as the RAM receives power 
from a battery. The secure housing of the PSD is designed to include a tamper switch, so that 
5 if the secure housing is tampered with, the switch opens. The switch interrupts power to the 
RAM (and, in particular, interrupts battery power to the RAM) and its contents are lost. In 
this way the information in the RAM (for example, the cryptographic keys) is protected from 
tampering. Another proposed approach is to employ commercial memory chips (such as the 
Dallas Semiconductor DS1283 and Benchmarq bq3283) offer a pin on the package which 
10 will clear the memory based on a predetermined input voltage level. The tamper switch is set 
up to apply the predetermined voltage upon detection of tampering. 

Many approaches have also been proposed for detection of the tampering. In EP 820 041, for 
example, it is suggested that the secure housing of an old-style mechanical or 
electromechanical postage meter be set up to contain an air pressure that is distinctively 
15 higher than or lower than normal atmospheric pressure. If the secure housing is violated, the 
pressure within the secure housing changes to match the ambient pressure. A sensor within 
the housing detects the pressure change and thus the violation. The sensor disables further 
function of the postage meter. 

The approach of cutting power to a volatile memory such as the RAM discussed above has a 
20 drawback in that during periods of power-down, the RAM depends on an internal battery to 
avoid loss of the information in the RAM. Depending on the requirements of the postal 
authority, and on design decisions made by the PSD manufacturer, the quantity of data 
requiring protection may be quite large. The data to be protected may include cryptographic 
keys used for PSD configuration, keys used for remote resetting (refilling), keys used for 
25 signing postal indicia, and keys used for the management of the other keys. In addition it may 
be desired to protect the bit-images used to generate the human-readable portion of the 
printed indicia. A RAM big enough to hold all of these important items of data will also 
draw a non-negligible current from the internal battery. This may lead to a limited and 
commercially unacceptable battery life. 
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It would thus be desirable to have a PSD design which protects the many important items of 
data stored within, and yet which does not draw very much battery power and so permits a 
commercially acceptable battery life. 

Summary of the invention 

5 In accordance with the invention, a postal security device (PSD) contains a nonvolatile 
memory which does not depend on battery power, such as an EEPROM, and contains a 
nonvolatile memory which does depend on battery power, such as a static RAM. The PSD 
also contains an encryption engine. An encryption key is developed and is stored in the static 
RAM, which is sized to be only large enough to contain the encryption key. A large body of 

10 data, too large to fit in the static RAM, is encrypted by means of the encryption engine and 
with reference to the encryption key, and is stored in the EEPROM. This body of data 
typically includes cryptographic keys and sensitive bit-images. When the PSD is powered, a 
large RAM (typically a dynamic RAM) is available to receive the large body of data, 
decrypted using the encryption key. A tamper switch cuts power to both RAMs in the event 

15 of tampering. In this way, the battery power required to maintain the PSD during power-off 
periods is minimal, and yet the large body of data will be inaccessible in the event of 
tampering. 

Description of the drawing 
The invention will be described with respect to a drawing, of which: 
20 Fig. 1 is a schematic functional block diagram of a system according to the invention. 

Detailed description 

Fig. 1 shows a postal security device (PSD) in accordance with the invention. The PSD has a 
microprocessor 12 which communicates on a bus 22 with an input/output (I/O) device 18, a 
memory which does not require battery backup 1 3 which may be for example an EEPROM or 
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flash memory, a relatively small RAM 14, a ROM 22, and a larger RAM 16. The I/O device 
18 communicates with external apparatus by means of communications channel 19 which 
may be a serial asynchronous data line. External power 21 and ground 20 are also defined. 
The larger RAM 16, and most of the other active components, receive external power. The 
5 smaller RAM 14 is additionally able to receive power from a backup battery 15, preferably a 
lithium cell with a very long (e.g. ten year) life. A tamper switch 17 is provided which, when 
triggered, can cut power to both the small RAM 14 and the large RAM 16. 

A large body of data is assumed to require protection from a tampering user. The EEPROM 
is selected to be large enough to hold this body of data after it has been encrypted. When 

10 power is applied and the system is stable, the body of data (or selected portions thereof) is 
decrypted and transferred to RAM 16. This decryption is performed by the microprocessor 
12 executing a decryption routine stored in the ROM 22, and the decryption is done with 
respect to a decryption key in the RAM 14. Alternatively the decryption may be performed 
by an optional engine omitted for clarity in Fig. 1. The decrypted data in RAM 16 are used as 

15 needed for the ordinary functions of the PSD, which include communicating via the 

communications channel 19 with a user computer, with a manufacturer's system, or with a 
postal authority system, and can include generating postal indicia which are to be printed by 
means of a printer. 

When external power 21 is cut off, or when the PSD undergoes a normal power-down 
20 routine, the information in the RAM 16 is lost. In contrast, the information in the RAM 14 is 
preserved even when external power 21 is lost, because of battery 15. 

During normal operation the body of data that requires protection from a tampering user (or 
some portion of it) may be located "in the clear", that is, unencrypted, in the RAM 16. In the 
event that this data has changed, it may be necessary to encrypt the data and to store it again 
^25 in the memory 13. This encryption is performed by the processor 12 executing encryption 

software in the ROM 22, or may optionally be performed by an encryption engine omitted for 
clarity in Fig. L 
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The power-down condition for the PSD 10 assumes that no power is present at line 21 . In 
that event, the only powered device is RAM 14. RAM 14 was purposefully selected to be 
large enough to hold the encryption key but not much larger, and in any event is smaller than 
the large body of data that is understood to require protection from a tampering user. Because 
5 of the limited size of the RAM 14, it does not draw as much current from the battery 15 as 
would be drawn by a larger RAM such as RAM 16. Thus, the battery life is optimized, 
especially as compared with the shorter battery life that would result if the large body of data 
were all in battery-backed-up RAM. 

Tampering may happen during a time when external power 21 is present. At a minimum, the 
10 tamper switch should cut power to the RAM 14. (Or, alternatively, the tamper switch should 
apply to RAM 14 the predetermined voltage that clears the RAM.) Preferably the tamper 
switch will also cut power to the RAM 16 (or clear the RAM 16), for the reason that some of 
the body of sensitive data may be present "in the clear" in the RAM 16, and should not fall 
into the hands of the tampering user. Alternatively the tamper switch might trigger an 
15 interrupt in the processor 12 which would cause the processor 12 to clear the sensitive 
portions of the RAM 16. 

Tampering may also happen during a time when external power 21 is absent. In such a case, 
the RAM 16 is already, by definition, empty, as it is unpowered. The tamper switch causes 
the RAM 14 to be cleared. If the tampering user extracts the contents of the memory 13, this 

20 is of little significance, because the contents are useless unless decrypted with the assistance 
of the key that is no longer present in the RAM 14. If the PSD 10 is powered up again after 
the tampering, the decryption routine will not work because the key of RAM 14 is gone. In 
addition, desirably the processor 12, under program control, will note the fact that RAM 14 is 
empty and will immediately attempt to send a message via communications channel 19 to the 

25 manufacturer or to the postal authority. 

Those skilled in the art will readily appreciate that design considerations may prompt the use 
of electrical components in addition to or instead of those shown in Fig. 1, none of which 
depart in any way from the invention. For example, dedicated cryptographic chips may be 
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employed which take some of the computational burden from the microprocessor. As another 
example, the particular way in which the tamper switch cuts power to the RAM may be 
varied, and the particular type of tamper switch may be selected among several types, all 
without departing in any way from the invention. Those skilled in the art will indeed have no 
5 difficulty devising obvious variations and improvements to the invention, all of which are 
intended to be encompassed by the claims that follow. 
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Claims 

1. A postal security device comprising a secure housing, and within the secure housing a 
body of data having a size, said postal security device also having within the secure housing 
means for generating print data for printing of postage indicia, said generating of said print 

5 data relying in part on the body of data, said postal security device also having within the 

secure housing a first memory sized to accommodate the body of data, said first memory of a 
type not requiring electrical power to maintain the contents thereof, said postal security 
device also having within the secure housing a second memory not large enough to 
accommodate the body of data, said second memory of a type requiring electrical power to 

10 maintain the contents thereof, said postal security device also comprising a battery powering 
the second memory and a tamper switch mechanically coupled with the secure housing so that 
upon tampering with the secure housing the second memory is disconnected from the battery, 
said postal security device further comprising an encryption key stored within said second 
memory, said postal security device further comprising a cryptographic engine, said body of 

15 data encrypted by the cryptographic engine with respect to the encryption key. 

2. A method for use with a postal security device comprising a secure housing, and within 
the secure housing a body of data having a size, said postal security device also having within 
the secure housing means for generating print data for printing of postage indicia, said 
generating of said print data relying in part on the body of data, said postal security device 

20 also having within the secure housing a first memory sized to accommodate the body of data, 
said first memory of a type not requiring electrical power to maintain the contents thereof, 
said postal security device also having within the secure housing a second memory not large 
enough to accommodate the body of data, said second memory of a type that requires electric 
power to maintain its contents, said postal security device also comprising a battery powering 

25 the second memory and a tamper switch mechanically coupled with the secure housing so that 
upon tampering with the secure housing the second memory is disconnected from the battery, 
said postal security device further comprising an encryption key stored within said second 
memory, said postal security device further comprising a cryptographic engine; the method 
comprising the steps of: 
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Storing the encryption key within the second memory; 

encrypting the body of data by the cryptographic engine with respect to the encryption key; 

storing the encrypted body of data in the first memory; and 

in the event of tampering, removing power from the second memory. 

5 3. A method for use with a postal security device comprising a secure housing, and within 

the secure housing a body of data having a size, said postal security device also having within 
the secure housing means for generating print data for printing of postage indicia, said 
generating of said print data relying in part on the body of data, said postal security device 
also having within the secure housing a first memory sized to acconnmodate the body of data, 

10 said first memory of a type not requiring electrical power to maintain the contents thereof, 

said postal security device also having within the secure housing a second memory not large 
enough to accommodate the body of data, said second memory of a type that clears its 
contents upon a predetermined electrical condition, said postal security device also 
comprising a tamper switch mechanically coupled with the secure housing so that upon 

15 tampering with the secure housing the second memory has said predetermined electrical 

condition, said postal security device further comprising an encryption key stored within said 
second memory, said postal security device further comprising a cryptographic engine; the 
method comprising the steps of: 

storing the encryption key within the second memory; 
20 encrypting the body of data by the cryptographic engine with respect to the encryption key; 
storing the encrypted body of data in the first memory; and 
in the event of tampering, causing said predetermined electrical condition. 
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ASCOM HASLER MAILING SYSTEMS INC. 
19 Forest Parkway 
Shelton, CT 06484-6140 
United States of America 


[ ■ 1 This person is also inventor. 
Telephone No. 

(203) 925-2418 

Facsimile No. 

(203) 926-0203 

Teleprinter No. 


State (that is, country) oT nationality: 


Stale (that is, country) of residence: 


1 liis person is applicant [ | all designated all designated Stales except | 1 ihc United Slates 1 1 the States indicated in 

for the purposes of: 1 1 States A the United Stales oT America | | of America only | | the Supplemental Box 


Box No. Ill FURTHER APPLICANT(S) AND/OR (FURTHER) INVENTOR(S) 


Narpe and address: (Family name followed by given name; for a legal entity, full official . 
designation. The address must include postalcode and name of countrv. 7 he countrvofthe 
address indicatedin this Box is the applicant *sState (that is, country) of residence if no State 
of residence is indicated below.) 

NACLERIO, Edward J. 
49 Scenic Road 
Madison, CT 06443 
United States of America 


This person is: 

[ 1 applicant only 

[ applicant and inventor 

1 1 inventor only (If this check-box 
is marked, do not fill in below.) 


Stale (that is, cottntty) of nationality: US 


State (that is. country) of residence: 


This person is applicant | | all designated | 1 all dcsit'tiatcd States except r~} the United Slates 1 I the States indicated in 
for the purposes of: I 1 States 1 J the UniV. d States of America L_23 of America only I 1 the Supplemental Box 


"1 Further applicants and/or (further) inventors arc indicai::d on a continuation sheet. 


Box No. IV AGENT OR COMMON REPRESENTATIVE; OR ADDRESS FOR CORRESPONDENCE 


The person identified below is hereby/has been appointed to ;r:t on behalf I 1 . ) 1 

of the applicant(s) before the competent Inlcmalional Authoriiies as:' 1 l. ''^'''^^ LJ representative 


Name and address: (Family name followed by given name: for a legal entitv, full official 
designation. 'Die address must include postal code and name of count fy.) 

OPPEDAHL, Carl, LARSON, Marina T. 

Oppedahl & Larson 

P.O. Box 5270 

Frisco, CO 80443-5270 

United States of America 


Kclephone No. 

(970) 668-2050 

•acsimilc No. 

(970) 668-2082 

"cicprinter No. 


1 Address for correspondence: Mark this check-box where no agent or common representative is/has been appointed and ihc 
1 1 space above is used instead to indicate a special address to whtcn correspondence should be sent. 
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Box No.V 



DESIGNATION 



iTATES 




The following desigruilions arc hereby made under Rule 4.9(a) (mark the applicable check boxes: at ieast one must be marked): 



□ 
□ 



AP 



EA 



Regional Patent 

ARI PO Patent: CH Ghana, GM Gambia, KE Kenya, LS Lesotho, MW Mahv/i. SD Sudan, SZ Swaziland, UG Uganda, 
Z\V Zimbabwe, and any other Stale which is a Contracting Slate of the Harare Protocol and of the PCr 
Eurasian Patc'nri AIM Armenia, AZ Azerbaijan, BY Belarus, KG Kyrgyzslan. KZ Kazakhstan, fVID Republic of 
Moldova, RU Russian Fedcralion, TJ Tajikistan, TM Turkmenistan, and any other Slate which is a Contracting Slate 
of the Eurasian Patent Convention and of the PCT 

European Patent: AT Austria, BE Belgium, CM and LI Switzerland and Liechtenstein, CY Cyprus DE Germany, 
DK Denmark ES Spain, FI Finland, FR France, GD Uniicd Kingdom, GR Greece, IE Ireland, IT Italy. LU Luxembourg. 
M C Monaco, NL Netherlands, PT Porlugal, SE Sweden, and any other State which is a Contracluig Stale of the ILuropean 
Patent Convention and of the PCT 
OA OAPI Patent: BF Burkina Faso, BJ Benin, CF Central African Republic, CG Congo, CI COtcd'Ivoirc CM Cameroon, 
GA Gabon GN Guinea, ML Mali, MR Mauritania, NE Niger, SN Senegal, TD Chad, TG Togo, and any other State 
which is a member SlaleofOAI'l and a ConlractingSlalcof the PCT (if other kind of protection or treatment desired, specijy 

on dotted line) ; 

(if other kind of protection or treo:ment desired, specify on dotted line): 



B EP 



□ 



National Pa 


n 

LJ 


A I 


LJ 


AIVI 


LJ 


A T 


1 — 1 
LJ 


A 1 I 


LJ 




r~i 


BA 


n 


BB 


n 


BG 


n 




r-i 
1 1 


BY 


IS 

am 




LJ 


CM a 


LJ 




I 1 




n 


cz 


□ 


DE 


□ 


DK 


n 

I 1 


EE 


n 


ES 


n 


FI 


□ 


GB 


LJ 


\j ii> 


□ 


GM 


□ 


GM 


□ 


GW 


□ 


HR 


□ 


HU 


□ 


ID 


□ 


IL 


□ 


IS 


s 


JP 


□ 


KE 


□ 


KG 


□ 


KP 


□ 


KR 


□ 


KZ 


□ 


LC 


□ 


LK 


□ 


LR 



Albania . . 
Armenia . . 
Austria . . . 
Australia . . 
Azerbaijan 
Bosnia and 
Barbados 
Bulgaria . . 
Brazil . . . . 
Belarus . . . 
Canada 



-lerzegovina 



ind LI Switzerland and Liechtenstein 

China 

Cuba 

Czech Republic 

Germany 

Denmark 

Esionia 

Spain 

Finland 

United Kingdom 

Georgia ; 

Ghana 



Croatia 

Mungary ■ 

Indonesia 

Israel 

Iceland 

Japan 

Kenya 

Kyrgyzstan 

Democratic People's Republic of Korea 



□ 
□ 
□ 
□ 
□ 
□ 
□ 

□ 
□ 
□ 
□ 
□ 
□ 
□ 
□ 
□ 
□ 
□ 
□ 
□ 
□ 
□ 
□ 
□ 
□ 
□ 
□ 
□ 

□ 
□ 
□ 
□ 



LS 
LT 
LU 
LV 



Lesotho • 

Lithuania 
Luxembourg 
Latvia 

MD Republic of Moldova 

MG Madagascar 

MK The former Yugoslav Republic of Macedonia 

MN Mongolia 

MW Malawi • 

MX Mexico ■ 

NO Norway 

NZ New Zealand * 

PL Poland 

PT Portugal 

RO Romania 

RU Russian Federation • 

SD Sudan 
SE Sweden 
SG Singapore 

SI Slovenia 

SK Slovakia • 

SL Sierra Leone 

TJ Tajikistan . . . . ! 

TM Turkmenistan 



Turkey 

Trinidad and Tobago . . . 

Ukraine . * . 

Uganda 

United Slates of America . 



TR 
TT 
UA 
UG 
US 

UZ 
VN 
YU 

ZW Zimbabwe 



Uzbekistan 
Vict Nam . 
Yugoslavia 



Republic of Korea 

Kazakhstan 

Saint Lucia 
Sri Lanka 
Liberia 



Check-boxes reserved for designating Stales (for the pumoses of 
a national patent^ which have become party to the PCT after 
issuance oMhis slicct: 



□ 
□ 



Precautionary Designation Statement: In addition to the designations made above, ihe applicant also makes under Rule 4.9(b) all other 
designations which would be permillcd under the PCT except any designation(s) indicated in the Supplemental Box as being excluded 
from the scope of ihis slalemenl. The applicant declares that those additional designations are subject lo confirmation and lhal any 
designation which isnotconnrmed before ihcexpiralion of 15 months from the priority dale isto be regarded as withdrawn by Iheapplic^^^ 
at the expiration of that time limit. (Confirmation of a designation consists oftheftln^ of a notice specifying that designation and the 
payment of the dcsignaiion and confirmation fees. Confirmation must reach the receiving Office within the IS-month time limit.) 
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A PCT/US99/05891 

P^NT COOPERATION TREAW 



From the INTERNATIONAL BUREAU 



PCT 

NOTIFICATION OF ELECTIOW 
(PCT Rule 61.2) 


To: 

Assistant Commissioner for Patents 

llnitpH Qtfitoc Pstont sinH XrsiHckmsrl^ 
WiiiLCu OlalC\> ralcilL aiiU 1 laUciilOiiN. 

Office 
Box PCT 

Washington, D.C. 20231 
ETATS-UNIS D'AMERIQUE 

in its canacitv elpcted Offirp 


Date of mailing (day/month/year) 
^7 January 2000 (27.01.00) 




International application fMo. 
PCT/US99/05891 


Applicant's or agent* s file reference 
ASCOP061WO 


International filing date (day/month/year) 
18 March 1999(18.03.99) 


Priority date (day/month/year) 
18 March 1998(18.03.98) 


Applicant 

NACLERIO, Edward, J. 



1. The designated Office is hereby notified of its election made: 

[ X I in thecdemand filed with the International Preliminary Examining Authority on: 
16 July 1999(16.07.99) 

I I in a notice effecting later election filed with the International Bureau on: 



2. The election 



□ 



was 



was not 



made before the expiration of 19 months from the priority date or, where Rule 32 applies, within the time limit under 
Rule 32.2(b). 



The International Bureau of WlPO 


Authorized officer 


34, chemin des Colombettes 


Diana Nissen 


1211 Geneva 20, Switzerland 


Facsimile No.: (41-22) 740.14.35 


Telephone No.; (41-22) 338.83.38 



